Best Free Encryption Utility for Cloud Storage

toggle-button

Introduction

Most cloud storage services claim they "take every precaution" to keep your data secure. For example, most use encryption to make sure your files are secure in transit. They "have internal policies and controls" to ensure that employees don't access your files. But things do go horribly wrong.

For many cloud-storage users, privacy and robust encryption are top priorities. It is essential for data and documents to be encrypted before leaving their device, and it is essential that no other entities have their encryption key or any other way to gain clear-text access to their files.

On-the-fly encryption is the the most convenient way to protect your files in transit and in the cloud. That's where client-side products like SpiderOak, Tresorit, Sync and Cryptomator come in. Client-side on-the-fly encryption assures that your files never leave your computer in an unencrypted state. And your encryption key should never leave your computer.

Once it is properly set up, good client-side, on-the-fly encryption applications require no direct action by users. They and their client-side processes have fast, direct access to unencrypted files. But encryption adds complexity (things do go horribly wrong), and local backups are still important.

See also Encryption Methods at the end of this article.

 

Rated Products

SpiderOak  

Provides client-side encryption, automatic backup and sync with storage space.


Our Rating: 
4
License: Free (Limited features)
SpiderOak provides 2 GB of free cloud storage, along with client-side encryption. More storage is available for a fee. You can select as many local files or folders as you'd like - within the storage limit- for backup and sync. Your files are remain unencrypted on your synced devices, but are always encrypted before transmission and in the cloud.
SpiderOak keeps previous versions of files you back up - which is good - but those versions count against your 2 GB allocation. Although you can delete old file versions, 2 GB could get to be a little tight eventually. The user interface is logical, but it's a bit complex to discover it all if you want to use more than basic options.
Read full review...

Sync  

Provides sync, sharing, 5 GB of free storage and software to sync files with the encrypted cloud storage.


Our Rating: 
4
License: Free (Limited features)
Simple to install and simple to use. Clean and powerful with proven encryption. File versioning. Easily tailor what you want to sync and store on each of your devices. Sync and their servers are Located in Canada (no Patriot Act). Also has the "pluses" of Type 1 encryption as referenced in the Introduction section of this article.
The (minor) "minuses" of Type 1 encryption as referenced in the Introduction section of this article.
Read full review...

Cryptomator  

Free and open-source software provides transparent (on-the-fly), client-side encryption for cloud storage.


Our Rating: 
4
License: Free (Open source)
Open-source, which makes independent cryptographic review possible. Simple user interface and discovering features and settings is fairly intuitive. Compatible with a wide range of cloud storage services. Fast sync with the cloud. The wide range of cloud provider choices enables choice of features, functions and price. Client-side files are always encrypted at rest.
Can be challenging to set up the first time.
Read full review...

BoxCryptor  

Provides on-the-fly encryption giving you transparent access and quick cloud-sync for encrypted files.


Our Rating: 
2.5
License: Free (Limited features)
On-the-fly encryption gives you transparent access and quick sync for encrypted files when signed in. Strong security. Simple operation. For Windows, Mac, iPhone, iPad, and Android. Can be used to interface with several cloud-storage providers (limited to one choice in the free version).
The file system interface could lead to confusion, with files left unencrypted in the cloud (see discussion above). Requires Microsoft .NET. Only one encrypted folder is allowed in the free version, and it is limited to 2 GB.
Read full review...

Tresorit  

Provides seamless sync via the cloud, encrypted links for sharing and secure collaboration.


Our Rating: 
2
License: Free (Limited features)
Possibly the most secure choice of products listed here. A cloud storage account is included as part of the service. Tresorit has a clean, simple interface. Sync works quickly and well. Well written support documentation. You can recover previous versions of files. Has worked very reliably for me. Tresorit operates under Swiss laws, and uses Irish and Dutch servers (no Patriot Act).
The current free version is severely hobbled. See note in the discussion. Local files are not encrypted (but it's highly unlike that they will be lost in processing).
Read full review...

Cautionary Notes on Encryption

  1. Recent revelations about NSA crippling, or hacking encryption software are sobering if you store or transfer sensitive data via the internet. I would not suggest that it is prudent to trust any of the products listed here to protect your information from government agents or nation states, or determined cyber criminals.
  2. It still seems reasonable at this point to trust these products for protection from most hacker attacks.
  3. Operating systems are messy: Echoes of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use. For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it may remain on your hard drive. It is not difficult to extract those echoes.
  4. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need  beyond encryption to be sure your private data is not lost or exposed.

New encryption applications often appear when an individual reads up on applied cryptography, selects or devises an algorithm, maybe even a reliable open source one, and then implements a user interface, tests the program to make sure it works, and thinks he's done. They are not. Such a program is certain to harbor fatal flaws.

"Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." --Bruce Schneier, in Security Pitfalls in Cryptography

 

Related Products

 

Encryption Methods

Common ways to implement on-the-fly, sometimes called transparent encryption

There are pitfalls and limitations in most systems for cloud-storage encryption. Perhaps you can spot them below, but this list might be best used as a reminder. Go learn more about these encryption methods in the Selecting an Encryption Method for Cloud Storage article and then come back here.

Type 1 = [Unencrypted folder] << >> [Integrated encryption & cloud sync] << >> [Cloud storage]

Examples: Tresorit | SpiderOak

Type 2 = [Virtual Drive - virtual clear-text files] << >> [Encryption] << >> [Folder - encrypted files] << >> [Cloud sync] << >> [Cloud storage]

Examples: BoxCryptor | Cryptomator | Cloudifile |

Type 3 = [User Folder - clear-text files] << >> [Encryption] << >> [Folder - encrypted files] << >> [Cloud sync] << >> [Cloud storage]

Example: Cloudfogger

Type 4 = [Virtual drive - clear-text files are virtual only] << >> [Encryption] << >> [Encrypted volume - single encrypted file] << >> [Cloud sync] << >> [Cloud storage]

Examples: VeraCrypt | TrueCrypt (not recommended, see in Related Products and Information below)

 

Editor

This software category is in need of an editor. If you would like to give something back to the freeware community by taking it over, check out this page for more details. You can then contact us from that page or by clicking here

Please rate this article: 

Your rating: None
4.52
Average: 4.5 (50 votes)
toggle-button

Comments

Based on several review sites, we chose Vivo for encryption of corporate files on Dropbox (about 200,000 files with 20 users).

There is no user guide for Vivo and there are 2 versions of the product. Responses by email from the company were minimal.

After two months of frustration and wasted labor hours, we gave up. The software may indeed be as good as the reviews indicate. Add in the costs of implementation since there is no user manual.

Who needs cloud storage if you have a NAS and BittorrentSync ?
You use BTSync to sync the encrypted folder with its content anywhere you go on any mobile or stationary device you use.

Thus far the only tools that can handle this requirement well are encfs (for linux/unix) and boxcryptor (for windows). Big problem I have with boxcryptor is that it's really slow and hogging my OS. Probably because it does all encryption and decryption on-the-fly in memory(?). It doesn't store the unencrypted files anywhere, it's just showing a virtual drive. That is to say, this works with Boxcryptor Classic. The new version is messy, puts your virtual folder one folder deep, I see no advantage in that 'feature' to be honest.

I used to use TrueCrypt, still unbeated in its footprint, don't know how they did that. The virtual drive-letter linked to a tc volume, and it was blazing fast (both directions), I used it with Firefox Portable and many other apps straight from encrypted volume. But it got larger and larger over time. I need one that can handle about 20 GB of space. This you just can't sync, such a volume doesn't even sync while in use (it's locked), so that was not workable for me.
By the way, Gostcrypt seems to be your best bet if you want the TrueCrypt options.

I'm really surprised by the fact that TrueCrypt is the only software capable of encrypting and decrypting with such low memory usage and practically no noticeable performance loss. NONE of the other packages allow me to have a virtual drive-letter open content that is always stored in encrypted state. The only ones that offer this are really slow and sluggish (that is encfs and boxcryptor), plus they have all kinds of security issues (filenames not encrypted, watermarking easy to find out what the key should be etc.)

If anyone has tips on this, let me know.
CryptSync does not work, it always leaves a stored unencrypted folder on my device when not in use, that's definitely NOT what I look for. I need something that leaves my btsynced storage folder always encrypted when my laptop gets stolen etc. except for when I access it as that virtual drive-letter using my passphrase.

Most people don't have a NAS.
CrypSync is the one I'm using. If you worry about local copies, just use TrueCrypt (now VeraCrypt may be more suitable) to encrypt your local hard drive/system.

Thank you for this wonderful article. It helps me a lot.

I'm glad it was helpful Richard.

You are welcome Mr. Philip. I am looking forward to more nice article on this subject. Thank you for your effort.

Warm regards,
Richard

Most of the suggestions require some sort of dependency on someone else. I prefer CryptSync to avoid dependencies.

I just attempted to download a file at Mega (one stored there for readers to download as an example in a how-to Android article).

It refused to function with three different browsers (Opera, Firefox and IE), saying that i needed to update to the latest versions.

I verified that my IE was up-to-date, updated Firefox and refused to "update" Opera (since i'm using the last version of what i consider to be the "real" Opera before they completely screwed up the UI and their bookmarks system).

Still, none of them worked - got the same message.

There was, however, a link (which i refused to even mouse over) offering to "update" your browser for you...

To Kahomono:
A very good link. TrueCrypt forever, as far as I am concerned.

Spideroak is fine until you reach the 2Gb limit.

then it gets stuck. It seems impossible to remove anything once you have stored it there and yet it opens and tries to keep updating itself with yoru data changes causing it to just hang.

Upgrading to the paid version would be ok if there were sensible upgrades like 5 or 10gb but the lowest available is 100Gb priced accordingly.

I recommend that you do not use TrueCrypt any longer. I'm using VeraCrypt now. See more in "Special notes on TrueCrypt" at the beginning of this article.
Update: No longer advised. See the comment above... Steve Gibson, who runs GRC, is one of the few people writing on the internet who truly understand both online security and security software. His opinion aout TrueCrypt agrees with my own. In fact, I rely on TrueCrypt myself. Thanks for the link Kahomono.

Sharedsafe is not listed and sounds great. I just installed it a few minutes ago so I dont know on the long run but so far it seems good.
https://www.sharedsafe.com/

Since comments are still being added here, I will note that Wuala (which was my favorite of all the client-side encryption storage options because it integrates with the file system on Windows) is ending its free offering. Beginning at the end of the year, all users must either pay up or have their data deleted. That's why I'm searching for a new option. Tresorit looks okay, but it doesn't integrate with Windows Explorer the way Wuala does. Damn. I'm going to miss using that service.

Hi Folks,

Wondering if anyone has given any thought to the local storage space requirements of these encryption utilities. From what I have seen most of them store both cleartext and encrypted copies of the same data locally. Putting aside compression for the moment, this essentially doubles the space requirement. So if I want cloud security, I need to double the size of my hard drive? Is that the best that's out there right now? Besides, this model does not exactly match the "on-the-fly" concept. I see it more as slowly crawl from cleartext to encrypted, and then more slow crawl from encrypted to cloud.

The compression helps save a bit of space but you still need almost double, and it comes at a pretty big price in performance. Using Viivo right now and I am seeing it does not give you a choice to turn compression off - seems pretty ridiculous. User should be able to choose if they wnat the files faster or smaller.

Would love to hear thoughts on this.

Thanks!

Tresorit avoids the problem you mention. The only files on your hard drive are the plain-text ones. The cloud data is dynamically encrypted or decrypted during transfer, depending on the direction of data flow.

Thanks Philip! Yes I looked at Tresorit but the storage costs about 10 times what dropbox costs right now for 1 TB. And they have a lot of limitations even for the paid pro and business versions (e.g. max 2 GB file size, etc.) Also does not support selective sync of subfolders within a Tresor. I guess the perfect solution doesn't exist :-(! I remember several years ago I used IDrive and Mozy and they both supported "zero-knowledge" encryption with private key known only to the user. But unfortunately these are more for backup than for sync and they both had their own limitations as well.

If anyone in this forum knows about a client-side cloud encryption utility that works with dropbox and other similar clods without doubling my local storage - would still love to hear about it.

Thanks!

I use Ubuntu Linux. What works for me is to use ENCFS to create an encrypted directory.

ENCFS works by creating two directories: an encrypted one (which is a real directory in your filesystem), and an unencrypted one (which is mounted by ENCFS). Then, I keep the encrypted directory inside a cloud storage server (Dropbox). It works great across computers as long as you use the same (secure) password, and optionally keyfiles, across machines.

The Gnome Encfs manager makes these partitions automatically mount upon login. It can also auto-dismount after a user-defined timeout.

ENCFS: http://www.arg0.net/encfs to create an encrypted partition
GNOME ENCFS: https://help.ubuntu.com/community/FolderEncryption

I think Cloudfogger is dead. Their blog and twitter haven't seen a new post since 2012. Would love to see an updated version of this article re-reviewing the programs that are still active and listing any new contenders. I'm guessing much has changed. Boxcryptor now wants a yearly subscription from you to get the same functionality that used to be free, etc.

Hi theelostone, Yes, I appears that they are not in an active mode at Cloudfogger. Their blog, Twitter and Facebook entries all stopped, and their webpage still states "free for non-commercial use." I will be moving Cloudfogger off the main list. I keep an eye on this encryption category, and recently moved Tresorit to the main list. I've been using it for nearly a year with great results. I haven't looked closely at Mega yet (comment below), but I like the fact that they are located in New Zealand.
Take a look at Mega, a file hosting and cloud storage site with top notch security. The site uses an advanced AES encryption algorithm at client side. Even the site owners doesn't have access to the encryption keys, so they can't decrypt the content. Also you get 50GB free storage space with 10GB bandwidth.
Well, the joke's on me. I should have recognized Mega at the start. It is the colorful Kim Dotcom's old Megaupload rising from the ashes. This search at DuckDuckGo will give you a feel for my surprise when I began to vet Mega. I wanted to go beyond their rather (pun intended, but apropos) cryptic website. It will be interesting to keep an eye on it. Could turn out to be the world's best or something else.
Thanks for the tip George. I'll take a look.

With more attention on "taking the keys back" with regard to security in the cloud, this article has a nice roundup of offerings. With Viivo specifically, there have been a few updates since it was first publishing, including new features, UX and support for Box, Drive & SkyDrive (or whatever it'll be called next). Others updated, too, I'm sure, as attention in this area of security is understandably booming.

Philip I don't see Bitcasa mentioned here. They offer 10 Gb free. I have been using their free service for a few months with mixed feelings. You can access you files in the cloud and download them if need be, but you cannot delete them when in their website. The deletion needs to be done locally by unmirroring the file or folder you want deleted. They used to offer email support to free accounts as well, but have recently stopped doing that and reserve it for paid accounts only. In any case Bitcasa should be considered I think.
With the recent upheaval from the Snowden revelations I am not sure anymore about the security of all these client-side encryption programs, and am considering doing my own encryption (TrueCrypt?)in combination with a cloud service.

To wrap up what I've learned about Bitcasa: 1) They use what is known as Convergent Encryption, which may not be secure against determined snooping (see the Wikipedia article on the technology). 2) Their focus is on storing all your data in the cloud (so you never run out of space, and can access your files from anywhere), not highly secure storage. 3) In a video pitch that I watched, the key founder was brilliant, but he is young, and seemed overconfident. So it's not for me. ;)
Thanks for your comment DutchPete. I'll take a look at Bitcasa. I don't know how to respond to the Snowden revelations yet. For me, it's not the surveillance that I'm concerned about so much as it is the corruption that they have imposed on encryption. It's not going to be long before cyber criminals learn how to break the compromised utilities, and there is no way to know which ones those are. Oh bother.

Love CryptSync. It is basically a watch folder front end for 7-Zip.

Try http://tools.tortoisesvn.net/CryptSync.html

From it's website:
" CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted.

The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder. "

Pages